How to Write HIPAA Policies and Procedures

Duration: 90 Minutes
The webinar will explain for HIPAA covered entities and business associates the process of drafting, adopting and implementing HIPAA compliance policies. Writing a policy is easier than one may think. It is a three-step process: Researching, drafting, and revising. This webinar will teach you to ask questions, solicit help, collect samples, keep the principles of substance, organization, coherence, style and correctness in mind while you are drafting, send your draft out for review, incorporate comments, implement the policy and repeat as necessary. The prospect of developing and writing perhaps as many as 70 policies to attain HIPAA compliance may still seem daunting, but this webinar will teach you how to make a checklist, take it step by step and enlist the help of others when you need it.
Drafting HIPAA Policies
Instructor: Alice M. McCart
Product ID: 501977
Objectives of the Presentation
  • Use HIPAA required Risk Analysis to help you decide which policies and procedures to develop
  • Research before drafting policies and procedures, by asking and answering the right questions, soliciting help and collecting samples
  • Draft policies and procedures that comply with HIPAA's requirements, based on sound principles of substance, organization, coherence, style, and correctness
  • Revise policies and procedures, including steps of reviewing, incorporating recommended changes and implementing
  • Draft required policies under HIPAA
  • Decide whether you must draft addressable policies under HIPAA
  • Decide what other policies you need to draft that HIPAA doesn't mention but that affect your organization or that may be required by your accreditation organizations and/or recommended by your various professional associations
Why should you Attend
The majority of the DHHS civil money penalties and settlements in lieu thereof involve, sometimes with other violations, failure to perform a written risk analysis, failure to develop required policies and failure to conduct adequate HIPAA training. These penalties usually are in the seven-figure range.

Failure to conduct a written risk analysis, adopt required policies, or conduct required training qualifies as ‘willful neglect,' which carries the highest civil money penalty (‘CMP') and which penalty cannot be waived by DHHS as can violations due to a reasonable cause. DHHS entered into a settlement with Massachusetts General Hospital for $1 million for a breach involving leaving paper PHI records on a subway. The sanction was because Massachusetts General had not trained its workforce on proper security for PHI taken offsite and did not have a work-at-home policy. Significantly, HIPAA does not even mention working at home; much less specifically require such a policy.

Areas Covered
  • Using HIPAA required Risk Analysis to help you decide which policies and procedures to develop
    • Researching
      • Ask questions. Learn why you need to nail down the answers to at least 12 questions before you try to write a policy and how to do so
      • Solicit help. Learn whom to solicit help from both within and outside your organization and when and why and how
      • Collect samples. Learn what samples to collect and from whom
    • Drafting
      • Substance. Learn what substance means and how to achieve it
      • Organization. Learn how to draft a clear beginning, a clear middle and a clear end
      • Coherence. Learn how to connect your ideas so that readers will not have to wonder where something came from or why
      • Style. Learn how to write for your target audience as simply and clearly as possible
      • Correctness. Learn how to get rid of the static in your writing
    • Revising:
      • Review. Learn whom to contact to review your drafts
      • Incorporate. Learn how to resolve disputes and incorporate changes
      • Implement. Learn how to lay out a plan for implementation of the policy, including publishing, distribution, implementing (and perhaps even training the workforce on the policy), and schedule for annual review and revision, if necessary
      • Drafting required policies under HIPAA
      • Deciding whether you must draft addressable policies under HIPAA
      • Deciding what other policies you need to draft that HIPAA doesn't mention but that affect your organization or that may be required by your accreditation organizations and/or recommended by your various professional associations
Who will Benefit
HIPAA compliance officers, HIPAA Security Officers, HIPAA Privacy Officers, CFOs, CEOs, COOs, CIOs, human resources directors, business office managers, administrators, medical records personnel, health information management professionals, health care attorneys, patient accounts managers, billing services, physicians, dentists, pharmacists, physical and occupational therapists, mental and behavioral health professionals, speech and language pathologists and audiologists, nurses, chiropractors and business associates.

Topic Background
HIPAA requires covered entities and business associates to draft, adopt, and implement policies and procedures for their workforce members to follow and abide by to attain and maintain HIPAA compliance. Some of those policies are required, some are addressable, and some simply fall into the category of "not mentioned anywhere in HIPAA, but you'd better have them." Writing those policies and procedures can be a major burden. The first and often worst part of that burden is deciding which policies you need to draft, adopt, implement and enforce.
$300
Recorded Session for one participant
Get life time access with download option!
Book this course
Pay Now
  $450.00 Training CD
Free shipment within 4 Working Days of placing the order. Get life time access for unlimited participants.
  $550.00 Training USB Flash Drive
Free shipment within 4 Working Days of placing the order. Get life time access for unlimited participants.
For multiple location please contact our customer care team +1-510-857-5896.

Popular Courses by Alice M. McCart

How it works
Live Session - How it works
  • Login to onlinecompliancepanel with your registered username and password https://www.onlinecompliancepanel.com/login
  • The webinar joining link, username and password for joining the webinar will be updated on your OCP Account 24 hours prior to the webinar
  • Presentation handouts in Downloadable PDF format will be updated on your OCP Account 24 hours prior to the live session
  • Login to the audio conference on the scheduled date and time
  • Get answers to your queries through interactive Q&A sessions via chat at the end of the session
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account 24 hours after the completion of the session
  • Please let us know your thoughts and views at the end of the webinar, your valuable feedback will help us improve
Recorded Session - How it works
  • Login to onlinecompliancepanel with your registered username and password https://www.onlinecompliancepanel.com/login
  • Upon purchase of the recorded session a link will be updated on your OCP Account within 24 hours
  • Please click on the link to access the Recorded Session
  • Presentation handouts in downloadable PDF format will be updated on your OCP Account within 24 hours of the purchase of the product
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account after 48 hours of the product Purchase
  • Please share your valuable Feedback at the end of the session
Instructor Profile:
Alice M. McCart, B.A., M.A.T., M.S.J., J.D., has been an editor for more than three decades and an attorney admitted to practice law in Illinois in 1993. She has master's degrees in teaching and journalism and enjoys freelance editing, tutoring, and teaching effective writing to adults.

She has held positions in the federal government, in professional associations, in the corporate world, in private law practice, and in HIPAA consulting. She now lives in Overland Park, Kansas, and is vice president of both the HIPAA consulting firm EMR Legal, Inc., and the publishing company Veterans Press, Inc., both owned by nationally recognized HIPAA expert Jonathan P. Tomes.

The EMR Legal team has provided consultation to more than 1,000 clients regarding HIPAA compliance since 1998. Veterans Press publishes HIPAA compliance books, CDs, and other tools by Jonathan P. Tomes and others, including "The Compliance Guide to HIPAA and the DHHS Regulations" and its accompanying "HIPAA Documents Resource Center" CD, both in their 6th edition, an integral part of the HIPAA Compliance Library, and his latest two books, "The Complete HIPAA Policies and Procedures Guide," with accompanying "HIPAA Compliance Sample Policies and Procedures" CD, and "Your Happy HIPAA Book," among many other books and HIPAA compliance tools, all of which Alice McCart has edited.
View More